IPsecVPN CE端配置

hostname 

vpdn enable

vpdn-group ADSL

request-dialin

protocol pppoe

crypto keyring 

pre-shared-key address  key 

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp identity hostname

crypto isakmp profile IPSECPRO

keyring 

match identity address  255.255.255.255

initiate mode aggressive

crypto ipsec transform-set IPSECTRAN esp-3des esp-sha-hmac

crypto map IPSECMAP 10 ipsec-isakmp

set peer 

set transform-set IPSECTRAN

set isakmp-profile IPSECPRO

match address IPSEC

interface Loopback100

ip address  255.255.255.255

interface Tunnel

ip address  255.255.255.252

ip tcp adjust-mss 1432

tunnel source Loopback100

tunnel destination 

interface 

no shutdown

pppoe enable group global

pppoe-client dial-pool-number 1

interface Dialer1

ip address negotiated

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp authentication pap callin

ppp pap sent-username  password 0 

crypto map IPSECMAP

ip route  255.255.255.255 Dialer1

ip access-list extended IPSEC

permit ip host  host 

router bgp 

neighbor  remote-as 

address-family ipv4

neighbor  activate

neighbor  route-map ipsec-bgp-in in

neighbor  route-map ipsec-bgp-out out

ip access-list extended ipsec-bgp-in

permit ip any any

ip access-list extended ipsec-bgp-out

permit ip any any

route-map ipsec-bgp-in permit 10

set local-preference 30

route-map ipsec-bgp-out permit 10

set metric 120